Related Content

Here’s what happens: You’re browsing a commercial site online and you click on a product—say a jacket. Maybe you buy it. Maybe you don’t. But the next thing you know, that same jacket—and lots of other jackets like it-- follow you everywhere.

You see ads for them on news sites, on Facebook, perhaps even on a site devoted to fishing gear or some other completely different kind of product. You feel like someone is watching you, and in essence someone is. The jacket merchandiser probably belongs to an advertising network that places a “cookie” in your browser, allowing it track where you go online. The network can then use that information to generate personalized ads based on your browsing history.

A $17 million settlement announced today between Google and the attorneys general of 36 states, including Washington, and the District of Columbia doesn’t stop that practice. But it does punish Google for deceiving its users about the practice, and it might make it easier for consumers to opt out of such tracking.

The settlement relates to how Google—which owns a huge ad network called DoubleClick—tracked users of Apple’s Safari browser. Problem number one, says Washington assistant attorney general Paula Selis, is that Google informed consumers on its site that if they used Safari, so-called “third-party” advertising cookies would be blocked. In fact, such cookies were not blocked because of problem number two: Google used a code to circumvent Safari’s default privacy settings.

“Google has said this wasn’t intentional, and that when it found out, if fixed [the problems]. But the fact is it happened,” Selis says.

Google has run into privacy problems before. In 2011, the company settled charges brought by the Federal Trade Commission dealing with the launch of Google Buzz, a social network that was a forerunner to Google Plus. According to the FTC, Google had told Gmail users that they could opt out of Buzz, but that wasn’t so easy to do. Consequently, neither was limiting the sharing of personal information.

“This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations,” FTC chair Jon Leibowitz said at the time.

Yet Google still did its privacy runaround with Safari. As a consequence it raised the ire of the FTC as well as state attorneys general. In 2012, the commission fined Google $22.5 million for violating its prior order, the largest such penalty ever. The $17 million settlement announced today comes on top of that fine.

Rotenberg, of the Electronic Privacy Information Center, which filed a complaint about Google Buzz that led to the original FTC action, says he believes that Internet tracking is an ongoing problem despite the penalties Google is facing over its Safari cookies. Most other browsers routinely use ad cookies, and unless deception is involved, there’s little attorneys general can do about that.

Selis, however, says that the latest Google settlement at least requires the company to become more transparent about how it uses cookies. Within 90 days, the company has to create a page on its site explaining what cookies are and how consumers can have more control over them. “It should be readily findable,” Selis says of that page. “That was really important to us.”

Facing a backlash over cookies, Google and Microsoft’s Bing are supposed to be working on proprietary trackers that may provide more privacy. But since a goal is also to help advertisers have even further reach, on devices like cell phones, it’s doubtful that online spying is going away any time soon.